JAC27

4 Posts

1174

January 17th, 2010 12:00

Need assistance please, RE: Hijack This results. Trying to remove any lingering Trojan virus traces from recent attack

This is my first post here so I hope that I'm in the right place...

I've been hit with some malware recently and am trying to make sure that I removed it all... Norton 360, Malwarebytes, Spybot, & Ad-Aware are now producing clean scans again, but It was recommended that I try Hijack This also. However, I lack the level of knowledge needed when it comes to normal processes vs. what shouldn't be there, so can someone please assist me by checking my Hijack This log and advising me on what should not be present? TIA if you can help. :)

I'm running a Dell XPS... I guess you'd call it a first generation XPS.

I guess that I should post the results, so here goes:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:46:13 PM, on 1/17/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bussecompanystore.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2009&error=0&language=en&product=SymNRT&version=2009.0.5.26&build=Symantec&a=00000082.00000049.000000b9&b=00000082.00000070.0000014d&c=00000082.00000096.000001da&d=00000082.000000e6.0000026f
O4 - S-1-5-18 Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (User 'Default user')
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: SnipeIt! eSnipe - http://www.esnipe.com/SnipeIt/SnipeItOpen3.asp
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1189139610125
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9608 bytes

Thank you,

JA Churchman :)

Responses(6)

Bugbatter

3 Apprentice

•

20.5K Posts

0

January 17th, 2010 13:00

Hi JA Churchman,

HijackThis does not show everything, especially lately with so much malware that likes to hide. What type of malware did you have? Even though the scans are coming up clean, are you having any lingering symptoms of the malware?

Let's run a scan with a more comprehensive tool.

First, please disable TeaTimer:
Go to Start>Run. Type Msconfig > OK. On the next window that opens > Startup tab UNcheck the entry for TeaTimer until this is over...
1. Open Spybot
2. Click Mode > Advanced Mode
3. Click Yes
4. Click Tools (located in the bottom left corner) > Resident
5. Uncheck 'Resident "TeaTimer" (Protection of over-all system settings) active'
6. Then close Spybot.
Reboot.
Verify that TeaTimer is not running. You can enable it again after we have confirmed that we are finished cleaning.

Download DDS by sUBs from one of the following links. Save it to your desktop.
- DDS.scr
- DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool.
Click Yes at the prompt for Optional Scan.
When done, DDS will open two (2) logs
1. DDS.txt
2. Attach.txt
Save both reports to your desktop.
Copy/paste both logs to your reply on the forum.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE.

Bugbatter

3 Apprentice

•

20.5K Posts

0

January 17th, 2010 15:00

Your log looks good.

Your Java update 17 is one version out of date. You might as well update that.

Download the latest version of Java Runtime Environment (JRE) 6.
Scroll down to where it says Java SE Runtime Environment (JRE) 6 Update 18 .
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
NOTE: As always during installations, beware of any pre-checked option to install a toolbar. If you do not want it, UNcheck it.
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
From your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.
Delete the downloaded installation file after completing the above procedure and reboot if not prompted to do so.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications.

To disable the JQS service if you don't want to use it:

* Go to Start-->Control Panel-->Java-->Advanced-->Miscellaneous and uncheck the box for Java Quick Starter.

* Click Ok and reboot your computer.

Here is my standard list of simple steps that you can take to reduce the chance of infection in the future.

If you have used Malwarebytes' Anti-Malware as part of your cleaning procedures, keep it updated and use it to scan every so often for malware, or upgrade to the paid version for realtime scanning and auto updating.

The following suggestions are general prevention and are not customized for your computer. You may have already taken some of these steps, and depending on your current security, you may not need to implement all of these:

1. Visit Microsoft Update: Make sure that you have all the Critical Updates recommended for your operating system, Office, and IE. The first defense against infection is a properly patched OS from Microsoft Update at update.microsoft.com. More info HERE.

2. Please use a firewall and realtime anti-virus. Keep the anti-virus software and firewall software up to date.

3.You might consider installing Mozilla / Firefox.
http://www.mozilla.com/en-US/

4. Do not use file sharing. Even the safest P2P file sharing programs that do not contain bundled spyware, still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple. File sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft. Even if you change those risky default settings to a safer configuration, the act of downloading files from an anonymous source greatly increases your exposure to infection. That is because the files you are downloading may actually contain a disguised threat. Many very malicious worms and trojans, such as the Storm Worm, target and spread across P2P files sharing networks because of their known vulnerabilities.

5. Before using or purchasing any Spyware/Malware protection/removal program, always check the following Rogue/Suspect Spyware Lists. http://www.spywarewarrior.com/rogue_anti-spyware.htm http://www.malwarebytes.org/database.php

6. If you have not already done so, you might want to install CCleaner and run it in each user's profile: http://www.ccleaner.com/ ** UNcheck the option to install the Yahoo toolbar that is checked by default for the Standard version, or download the toolbar-free versions (Slim or Basic) when given the option for those.

7.Web Of Trust , uses colored alerts to warn about risky websites warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
- Red for Warning = STOP
- Yellow for Use Caution
- Green for Safe
- Grey for Unknown
There is a Web Of Trust version for Firefox as well.

8. You might consider installing SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html
It will:
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
Block spyware/tracking cookies in Internet Explorer and Mozilla Firefox.
Restrict the actions of potentially unwanted sites in Internet Explorer.
Tutorial here:http://www.bleepingcomputer.com/forums/tutorial49.html
Periodically check for updates

9. Here are some helpful articles:
"How did I get infected?"
http://www.bleepingcomputer.com/forums/topic2520.html

"I'm not pulling your leg, honest"
by Sandi Hardmeier
http://www.microsoft.com/windows/IE/community/columns/pulling.mspx

JAC27

4 Posts

0

January 17th, 2010 15:00

Hi again,

Here's the 2 DDS files below.

(DDS_Text)

DDS (Ver_09-12-01.01) - NTFSx86
Run by Jaxx at 18:20:50.18 on Sun 01/17/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1384

[GMT -5:00]

AV: Norton 360 *On-access scanning disabled* (Updated)

{E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Jaxx\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bussecompanystore.com/
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} -

c:\progra~1\spybot~1\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} -

c:\program files\norton 360\engine\3.5.2.11\coIEPlg.dll
BHO: Symantec Intrusion Prevention:

{6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton

360\engine\3.5.2.11\IPSBHO.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} -

c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d}

- c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
BHO: Java(tm) Plug-In 2 SSV Helper:

{dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program

files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c}

- c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program

files\norton 360\engine\3.5.2.11\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program

files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [swg] "c:\program

files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRunOnce: [ ] c:\program files\internet explorer\iexplore.exe

http://www.symantec.com/techsupp/servlet/ProductMessages?module=2009&erro

r=0&language=en&product=SymNRT&version=2009.0.5.26&build=Symantec&a=00000

082.00000049.000000b9&b=00000082.00000070.0000014d&c=00000082.00000096.00

0001da&d=00000082.000000e6.0000026f
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [MaxtorOneTouch] c:\progra~1\maxtor\onetouch\utils\OneTouch.exe
mRun: [MXO Auto Loader] c:\windows\MXOALDR.EXE
mRun: [StartCCC] "c:\program files\ati

technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [PCMService] "c:\program files\dell\media

experience\PCMService.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe"

-atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
StartupFolder: c:\docume~1\jaxx\startm~1\programs\startup\secuni~1.lnk -

c:\program files\secunia\psi\psi.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: &ieSpell Options - c:\program

files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel -

c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google

toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmside

wiki.html
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam

Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: SnipeIt! eSnipe - http://www.esnipe.com/SnipeIt/SnipeItOpen3.asp
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program

files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program

files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network

Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program

files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} -

c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

{53707962-6F74-2D53-2644-206D7942484F} -

c:\progra~1\spybot~1\SDHelper.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} -

hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -

hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6

be844f99/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} -

hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} -

hxxp://www.symantec.com/techsupp/activedata/nprdtinf.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} -

hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} -

hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -

hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/clie

nt/muweb_site.cab?1189139610125
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -

hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultras

him.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} -

hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -

hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -

hxxp://www.adobe.com/products/acrobat/nos/gp.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -

hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program

files\norton 360\engine\3.5.2.11\CoIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File

Attributes;c:\windows\system32\drivers\n360\0305020.00b\SymEFA.sys

[2009-9-8 310320]
R1 BHDrvx86;Symantec Heuristics

Driver;c:\windows\system32\drivers\n360\0305020.00b\BHDrvx86.sys

[2009-9-8 259632]
R1 ccHP;Symantec Hash

Provider;c:\windows\system32\drivers\n360\0305020.00b\cchpx86.sys

[2009-9-8 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application

data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ips

defs\20100116.002\IDSXpx86.sys [2010-1-17 329592]
R2 N360;Norton 360;c:\program files\norton

360\engine\3.5.2.11\ccSvcHst.exe [2009-9-8 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common

files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-1-1 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application

data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\vir

usdefs\20100117.002\NAVENG.SYS [2010-1-17 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application

data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\vir

usdefs\20100117.002\NAVEX15.SYS [2010-1-17 1323568]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program

files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]

=============== Created Last 30 ================

2010-01-17 19:45:25 0 d-----w- c:\program files\Trend

Micro
2010-01-17 16:44:27 0 dc-h--w-

c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-17 16:43:57 0 d-----w- c:\program files\Lavasoft
2010-01-17 10:11:54 411368 ----a-w-

c:\windows\system32\deploytk.dll
2010-01-17 10:01:36 0 d-----w- c:\program files\Secunia
2010-01-17 00:19:12 0 d-----w-

c:\docume~1\alluse~1\applic~1\Geek Squad
2010-01-17 00:18:55 524288 ---ha-w- c:\documents and

settings\jaxx\ntuser.dat.LOG1
2010-01-17 00:18:55 0 ---ha-w- c:\documents and

settings\jaxx\ntuser.dat.LOG2
2010-01-15 14:06:56 1 ----a-w- C:\s

==================== Find3M ====================

2010-01-07 21:07:14 38224 ----a-w-

c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07:04 19160 ----a-w-

c:\windows\system32\drivers\mbam.sys
2009-11-14 00:47:32 90112 ----a-w-

c:\windows\system32\dpl100.dll
2009-11-14 00:47:28 856064 ----a-w-

c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47:28 856064 ----a-w-

c:\windows\system32\divx_xx07.dll
2009-11-14 00:47:28 847872 ----a-w-

c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47:28 843776 ----a-w-

c:\windows\system32\divx_xx16.dll
2009-11-14 00:47:28 839680 ----a-w-

c:\windows\system32\divx_xx11.dll
2009-11-14 00:47:28 696320 ----a-w-

c:\windows\system32\DivX.dll
2009-10-29 07:45:38 916480 ----a-w-

c:\windows\system32\wininet.dll
2009-10-21 06:00:55 75776 ----a-w-

c:\windows\system32\strmfilt.dll
2009-10-21 06:00:55 25088 ----a-w-

c:\windows\system32\httpapi.dll

============= FINISH: 18:21:34.36 ===============

***********************************************************************************************************************************************

(DDS_Attach)